CVE-2006-5990

Name of the Vulnerable Software and Affected Versions VMWare VirtualCenter client versions 1.4.x through 1.4.1 (before Patch 1, Build 33425) VMWare VirtualCenter client versions 2.x through 2.0.1 (before Patch 1, Build 33643)

Description The issue allows remote malicious servers to spoof valid servers via a man-in-the-middle attack when server certificate verification is enabled. This occurs because the client does not verify the server's X.509 certificate when creating an SSL session.

Recommendations For VMWare VirtualCenter client versions 1.4.x through 1.4.1 (before Patch 1, Build 33425), apply Patch 1 (Build 33425) to resolve the issue. For VMWare VirtualCenter client versions 2.x through 2.0.1 (before Patch 1, Build 33643), apply Patch 1 (Build 33643) to resolve the issue.